On Mon, 2010-06-07 at 14:34 -0700, Brian Dunning wrote: > I think I must have misstated the problem. Thanks to everyone for the > replies, but the question is not how to fix it, it's how to find the script > being attacked. Many different admins manage many different sites on this > server, and I can't even begin to guess how many mail forms are on there from > different programmers. > > I'm currently downloading the logs as Peter suggested, and will take a look. > I'm not much of a sysad and I just thought maybe someone might know a way to > sniff outgoing email or something, I really don't know how to attack this. > Fixing the scripts is a long term solution, obviously, but I need a short > term fix other than killing email on the apache account. > > Might be more of a Linux question than a PHP question. > >
See if you can find all calls to a mail function in PHP. The easiest way to use a form to send spam is to enter your own headers, for example, in one of the fields. For instance, if a form has a to field, just enter a string like this: "t...@test.com\nbcc:s...@spam.com" which will then send email to the spam address as a bcc recipient. Thanks, Ash http://www.ashleysheridan.co.uk
